That is a definite worry. Programmer Barnaby Jack hacked pacemakers -- for a good cause. And he died just before he was going to demonstrate how to attack implanted heart devices he said could kill someone from 30 feet away. If one person can do that, who knows how many other smart people can accomplish the same thing? Add a network to IoT implanted devices and you have a lot of potentially dangerous devices.

In a world that is going connected with IOT in healthcare systems as well (where everything is controlled using sensor outputs), hackers may be using this sensitive data to alter the healthcare systems offered to a patient (sounds sci-fi, but the scenarios can be present where hackers can remotely switch off the life support systems for a patient who is an important political figure).

Providing 12-months of monitoring has become the default CYA whenever there's a breach. What happens on Day 366 or 367, I wonder? This question isn't aimed specifically at Montana. They're following the customary pattern, a pattern we see day in, day out. I can't think of a better solution and it's always easier to criticize than resolve a problem, but I do wonder if there isn't a better approach -- other than ensuring data is more secure from the get-go, of course!

Hackers breached a server in the State of Montana's Department of Public Health and Human Services, prompting officials to notify 1.3 million people of the incident. No evidence has been found to show that this information was used maliciously but worse could have been done. The institution is right to offer free credit to patients offering them the security of their personal information and identity. Institutions should now be careful and cautious in order to avoid being victims of this rising of breaches into systems.

I asked, @BryanB but they were really close-mouthed about the products, tools, or practices they use. And, to be honest, i can't blame them from not wanting to share what they use -- since that would probably make it easier for hackers to break in again. And they also didn't want to discuss their newer tools, unsurprisingly. It is impressive how fast they notified people, especially when you think about the long lapses often involved in retail data thefts.

That's a great point. The last time I applied for a credit card online I had to answer a secondary round of questions about past addresses, people in my household, and cars -- that really put my mind at ease because it adds a second layer of security. It really should be on credit card companies, loan companies, and other financial (and other) service providers to no longer merely accept those three pieces of information as adequate for opening an account.

That is an issue that needs to be addressed. There need to be more mechanisms in place that make it harder to use someone else's identity. It's very similar to the cell phone kill switch that is now coming out. If we can find ways to take the value out of the stolen data by making it less usable, that will help address the demand.

The other side of these hacking stories needs to be covered, too. Why is it so easy for someone to get credit in your name with only 3 pieces of info- name, SSN, birthdate? Hackers gaining financially from the data they're stealing provides much of the motivation to do it.

As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.